Pelion Device Management (May 2019)

In the latest release of Pelion Device Management, in addition to numerous iterative improvements to existing capabilities, we are introducing features that provide:

• Greater flexibility for on-premises deployments.
• The ability to manage legacy and non-IP devices through Edge gateways.
• Efficiency enhancements to our campaign service metrics.
• Support of identity federation for even greater security and management of user access.

Greater deployment flexibility for on-premises deployments

We introduced Device Management On Premises in our last release, enabling customers to deploy Device Management on their own physical hardware, data centers, and infrastructure-as-a-service platforms. We have extended on-premises support with multiple system deployment options, providing features and capabilities that are identical to those available with Device Management operated and hosted by Arm.

Device Management On Premises provides all of the necessary APIs and integration points for your proprietary software and other third-party applications, including a feature-rich portal and Admin Console (provided for On Premises deployments only) for efficient system management with:

• Streamlined billing for service users.
• Identity and access management to manage and federate users.
• System health diagnostics.

Regional Device Management access in China and Japan

At Mobile World Congress in February, Arm announced a partnership with China Unicom to support their software-as-a-service offering using Device Management. Device Management will enable China Unicom to reach both local enterprises and global organizations operating in China with full IoT device management services.

The collaboration will leverage the capabilities of Device Management, Arm Mbed OS, China Unicom’s new IoT platform, and a rich device and application ecosystem to provide a flexible, high-performance, secure solution.

Additionally, for Japanese customers, we now offer Device Management access locally as a managed service. Customers and enterprises operating regionally can now access our device management services and features, with greater performance and reduced latency using our local point of presence.

Release of Pelion Edge for IoT gateways

Pelion Edge, our device management solution specifically for IoT gateways, extends Device Management's ability to connect and manage non-IP devices and enables managing the gateway itself on the same platform.

Supporting a wide range of features, Pelion Edge provides the same level of support provided to other endpoints: bring-on-board, first-to-claim, gateway firmware update, and resource management (read/write/observe).

With the ability to support connection of up to 200 non-IP and legacy devices behind the gateway, Device Management extends its reach to support a wider range of IoT devices, including Bluetooth Low Energy (BLE) devices. To support additional protocols, a framework for building your own protocol translators is delivered with an open source example of the BLE protocol translator.

The Pelion Edge Manager mobile application, available on iOS and Android platforms, provides users with local control of the gateway using a mobile device. The application enables connecting and controlling devices, including viewing the device status, resource management (read/write), and the option to communicate directly through the local Pelion Edge gateway or through the cloud.

Factory Configurator Utility facilitates the provisioning process, and sets up your gateway for secure connection and communication with Device Management. Provisioning the required credentials to your gateway in the factory enables your devices to trust Device Management and enables Device Management to authenticate your devices when they attempt to connect to your account.

Pelion Edge is provided as an open source reference code on Raspberry Pi 3B+, and enables you to port on to additional hardware platforms with some customization.

The update campaign feature enables you to define which devices receive a firmware update and specify which firmware image to install. You build a campaign around a manifest, which is sent to the device, and a filter that determines which devices receive the manifest. Devices that receive a manifest may reject the update if they do not match the compatibility fields or rules defined in the manifest. This ensures that firmware created for a specific model, or for use by a particular vendor, is not updated on an incompatible or inappropriate device.

In addition to the top-level visibility and overall campaign metrics that have been available since the launch of Device Management, device insights now also include:

• Number of devices in a campaign.
• Number of devices successfully updated.
• Number of devices pending an update.
• Number of devices that failed to update, categorized by failure reason.

Simpler enterprise user access to Device Management Portal – Identity federation

Identity federation makes it simpler for enterprise users to work with the Pelion IoT platform, enabling access to Device Management Portal using work credentials and eliminating the need to create and remember additional usernames and passwords.

Identity federation also provides you with a greater level of system security by enabling central management of all users and their respective permissions to Device Management through your corporate directory service. For example, when an employee leaves the company or changes roles, enterprise IT can centrally update the identity databases by disabling or changing the access rights of the user on both internal and external systems, including Device Management Portal.

Device Management now supports the industry-standard SAML 2.0 identity federation. To gain access to this capability, the account administrator needs to enable this feature through Device Management Portal and configure the parameters of the SAML 2.0 identify server that will be used to authenticate Device Management users.

Identity federation is available to customers of commercial Device Management accounts without additional charge.